Know your customer (KYC) is the process by which companies verify the identity and financial conditions of customers before doing business with them. This policy applies to both prospective and existing business relations, with a focus on establishing the salient facts from the very outset.
The Reserve Bank of India introduced an official policy back in 2002. It directed all banks and financial institutions to implement a policy framework to know their customers before opening any account. The purpose was to prevent criminal activities like identity theft, money laundering and terrorist financing.
KYC processes have also subsequently been followed by companies to prevent late payment, business failure, or even corporate fraud. Know your client is not just a risk mitigation measure (preventing damage to business schedules, cash flows, reputation), but also a process for safeguarding competitive advantage. Without the correct policies in place, businesses can risk encountering serious loss of funds.
KYC is becoming one of the biggest policies on companies’ agendas globally. This is partly because of the increasing number of businesses trading abroad, where meeting face to face is practically impossible in many cases. As a result, the need to get independent verification on the identity of business contacts has significantly increased. In addition to verifying contacts, full knowledge of a company’s financial status and circumstances (i.e. knowing they can safely meet on the agreed terms) is beginning to form a large part of companies’ risk management processes.
In the UK, it is governed by the underlying rules of the Money Laundering Regulations 2007. In addition, many UK businesses use the guidance of the European Joint Money Laundering Steering Group (JMLSG) for compliance. The identification process in the UK begins with collection and analysis of high level information. In the case of large corporates (other than regulated firms) this includes verification of full name, company registration number, the registered office in the country of incorporation, plus the business address. For private or unlisted companies, this includes verifying names of all directors (or equivalent), plus the names of individuals who own or control over 25% of its shares or voting rights. Finally, the names of any individuals who otherwise exercise control over the management of the company should be gathered.
The existence of the corporate should be verified by either confirming the company's listing on a regulated market, conducting a search of the relevant company registry, or by obtaining a copy of the company's Certificate of Incorporation. For private/unlisted companies, a risk management assessment can also be followed to verify one or more of the directors as appropriate in-line with Customer Due Diligence (CDD) requirements for individuals. In respect of beneficial owners, the relevant person must take adequate measures to verify the identity of the beneficial owners based on risk. Money Laundering (ML) regulations define beneficial owners as ‘individuals either owning or controlling more than 25% of body corporates or partnerships’ (or at least 25% of trusts) or otherwise owning or controlling the customer.
Electronically verified or copied identity documents need to be supplemented by additional verification. These checks must be done to manage the risk of identity theft. This doesn’t mean becoming an expert at spotting forgeries. However, building a robust Know Your Customer process may include investing in the services of a reputable third party to carry this out for you. Remember to weigh up the amount of data you have on a client, plus the risk levels associated with each piece data.
Ask the question, how compliant are my existing or prospective customers? Just because you’ve been working with a particular organisation for many years, there are no guarantees their circumstances have remained the same.
Create an expectation of your customer’s transactional behaviour and recorded profile. This can then be monitored against their actual behaviour to spot for any discrepancies. In addition, knowing the recorded profile and behaviour of your customer’s peers will also help you to spot signs of unusual behaviour.
With both current and future business relations, ensure you nail down some well thought out controls, such as matching names against lists of ‘known parties’. These can include a company or individual linked to a politically exposed person (PEP), or those organisations that appear on any ‘Watch Lists’ such as the Office of Foreign Assets Control (OFAC), or even the HMRC Financial Sanctions list. If you’re doing business abroad, make sure you’re up to date on the anti-corruption legislation for your country and the prospect country. This will allow you to determine the potential for the customer to commit money laundering, finance terrorism, or commit identity theft.
For gathering more detail beyond KYC procedures, there is also the Enhanced Due Diligence (EDD) option. This approach is mainly required for larger customers and transactions. In the US for example, the regulations require that EDD measures are applied to account types such as private banking, correspondent accounts, and offshore banking institutions. EDD files are reliant on initial client screening. Information is gathered and corroborated by commercial intelligence companies, many of which are connected to specialist in-country researchers or investigation agencies.